
Cyber Security and Indian Cyber Laws

Cybersecurity is an abstract concept comprising everything from desktop computers to smartphones, software, web and mobile applications, clouds, servers and all the infrastructure supporting vital business processes. The increasing interaction between people and technology-based services has led to the evolution of cyberspace, where people can store any type of information (in various forms) and interact with technology at their convenience.

This type of interconnection, however, can prove as fatal as it is beneficial due to its tendency to be misused by cybercriminals. To maintain the integrity of this relationship between humans and technology, certain laws and governance frameworks have been created and mandated.

What are cybercrimes?

Any crime related to or concerning information systems could be qualified as cybercrime. They are defined as unlawful acts where –

  1. Crime is committed using the computer as a tool, such as cyberterrorism, IPR violations, and credit card or funds transfer fraud.
  2. The computer may also serve as a target for criminal activities, such as hacking, virus/worm attacks, and DoS attacks.
  3. A computer is both the means and the target of these illegal activities.

A very common example of cybercrime could be hacking into a social media account, like Facebook or Instagram. Other cases may include various virus-based attacks, identity theft, cyberstalking, pornography, email bombing, and crimes related to finance or intellectual property.

Categorization of Cybercrimes

Cybercrimes can be classified according to their targets.

  1. Crimes against persons
  2. Crimes against individual property
  3. Crimes against the government

1. Crimes against persons

Crimes like these usually target individuals and affect them financially, mentally or physically.

  • Hacking – It involves complete infiltration of the victim’s personal information to harm the individual, be it financially, mentally or physically. An attacker circumvents computer technology by gaining unauthorized access to it.
  • Harassment on the Internet – The repeated and deliberate harassment of an individual forms the core of cyberbullying. The most common example of such bullying may be people leaking private photos or videos to harass their partners, friends or anyone else. It is more common in adolescents, especially schoolchildren.
  • Defamation – This crime includes hacking into an individual’s or organization’s email or other social media accounts to send obscene content to their connections and defame their credibility.
  • Cyber harassment – In this, the attacker, posing as an anonymous user, harasses a victim using the news media. Cyberstalking is the online equivalent of being tracked by someone through emails, instant messaging, social networking sites, or interactions on various chat groups or websites.

2. Crimes against property

Thanks to advances in technology, real estate business is not limited to the same country or region. It has become internationalized and to manage this process, electronic management systems have replaced paper-based management. This technological factor adds to the risk of various cyber crimes in this field.

  • Cybersquatting – It is the process of illegally acquiring someone’s property by unfair means. A common example includes registering a domain resembling famous websites.
  • Cyber vandalism – Cybervandalism refers to the act of destroying computer infrastructure or the information stored therein, by extracting login credentials from a system or erasing valuable information from hard drives.
  • Intellectual Property Crimes – This category of cyber crime includes software piracy, violation of patents, copyrights, trademarks, official plans and many more such documents.
  • Hacking systems – In this, cyber criminals attack a computer system with the sole purpose of destroying information to harm the credibility of a system or an individual.

3. Crimes against the government

Many cyberattacks target the government of one nation or other countries. Some of them are –

  • Cyber-terrorism – Activities such as denial of service (DoS) attacks and attacks that target sensitive networks to damage critical information infrastructure (CII) are called cyberterrorism. Terrorists who practice such criminal activities interact with each other via encrypted or secured emails with some kind of secret code.
  • Cyber war – To gather military data from a different country, the attacker deliberately targets that nation’s information system to gain a military advantage over it. This data is used against that particular nation to disrupt wars.
  • Pirated Software – Hacking is a permanent headache for the protectors of information systems. When used against the government, piracy can prove to be a significant problem. Pirated software damages and destroys confidential government documents.
  • Acquisition of unauthorized information – Through their extensive network, attackers can acquire confidential information about a nation’s politics, economy, religions, social issues and other important areas that affect the governance of that nation, thereby posing a threat to the well-being of this nation.


After the United Nations General Assembly passed a resolution in January 1997, inter alia, recommending that all UN member states give favorable consideration to the draft model law, which recognized electronic records and accorded them the same treatment as paper communications and records, the Indian Cyber Security Act or the Information Technology Act was drafted.

The Information Technology Act was later passed as a Bill and was approved by the Union Cabinet on May 13, 2000. It was later approved by the President of India on June 9, 2000 and was called the ‘Information Technology Act, 2000’. The law came into effect on October 17, 2000.

The Act originally addressed –

  1. Legal recognition of electronic documents
  2. Legal recognition of digital signatures
  3. Offenses and contraventions
  4. Dispensing systems of justice for cybercrimes

But since technology is an ever-changing component, the laws had to be revised. For this reason, the Information Technology Act of 2008 was recognized. It entered into force on October 27, 2009.

The Information Technology Act 2008 aimed to pursue technological neutrality, addressing some of the gaps and shortcomings of the original law. It aspired to help adapt to future development and related security concerns of the IT industry.

The revised law includes the following provisions regarding data protection and privacy.

  1. Electronic signature – To make the law more “technologically neutral”, the term “Digital Signature” has been replaced with “Electronic Signature”, since the latter represents the guardianship of various types of digital marketing, while the former only illustrates a specific type of electronic signature.
  2. Cyber-terrorism – The amendment embraced the concept of cyberterrorism and established sanctions after the events of 11/26. Cybercrime expanded its horizon under Section 66 with various crucial cybercrimes as well as Section 66A, which penalized the exchange of “offensive messages”. However, Section 66A was later struck down after realizing that it violated the fundamental right to freedom of speech and expression.
  3. Child pornography – A set of articles have been organized under Section 67 to recognize the crime of publishing child pornography as a heinous act. Along with this, a reduction in the prison term was considered, as well as an increase in the fine for publishing obscene material in electronic form.
  4. Internet cafe rules – Internet cafes have always been a major hub for the exchange of obscene e-mails, identity theft and Internet banking fraud, but the exclusion of Internet cafe security in the law has not helped to solve this problem. The IT Act 2008 explicitly includes and defines these issues under ‘intermediaries’.
  5. Government oversight – In the original Act, the Telegraph Act restricted the government to monitor and listen to telephone calls, or read messages or emails from the public due to public emergency and security, but the new law eliminates these restrictions, extending the authority of the government.

Comply with cyber laws with Kratikal

Cybersecurity laws are unique to each country and enforced by law, and Compliances conduct policies to set the course for these industries, individuals and government legislations to follow.

For organizations to operate in cybersecurity, they must comply with certain standards. These standards are nothing but rules and regulations made by the governments of various countries based on their IT rules.

Kratikal is a CERT-In empanelled security solutions company that provides audits for regulatory and standard compliance, such as ISO 27001, a security standard that adheres to legally mandated data security requirements, SOC2, PCI-DSS, HIPAA, and many more, as well as a full suite of VAPT testing, both manual and automated.

Auditing these standards makes a company more efficient and trustworthy in a deception-ridden field.

Do you think India’s cybercrime laws effectively deal with cybercrimes? Share your opinion in the comments below!

The post Cybersecurity and the Indian Cyber Laws appeared first on Kratikal Blogs.

*** This is a syndicated blog from the Kratikal Blogs Security Bloggers Network written by Deepti Sachdeva. Read the original post at: